ID: 47236 Updated by: j...@php.net Reported By: BenBE at geshi dot org -Status: Open +Status: Verified Bug Type: OpenSSL related Operating System: * PHP Version: 5.*, 6.* CVS-2009-01-31
Previous Comments: ------------------------------------------------------------------------ [2009-01-29 04:41:31] BenBE at geshi dot org Description: ------------ When trying to capture the server certificate of an TLS socket connection using the stream_socket_client API no certificate is captured. If connecting to the same host via SSL transport everything works fine. The remote server is known to support TLSv1 properly. Reproduce code: --------------- <?php $mode = "tls"; $site_cert = NULL; $context = stream_context_create(); $result = stream_context_set_option($context, $mode, 'verify_host', true); $result = stream_context_set_option($context, $mode, 'capture_peer_cert', true); if ($fp = stream_socket_client("$mode://ssl.example.de:443/", $errno, $errstr, 30, STREAM_CLIENT_CONNECT, $context)) { if ($options = stream_context_get_options($context)) { var_dump($options); if (isset($options[$mode]) && isset($options[$mode]['peer_certificate'])) { $site_cert = $options[$mode]['peer_certificate']; } } fclose($fp); } if ($site_cert) { openssl_x509_export($site_cert, $str_cert); $pubkey = openssl_pkey_get_public($str_cert); $keyinfo = openssl_pkey_get_details($pubkey); var_dump($keyinfo); } Expected result: ---------------- The first var_dump should contain a resource for the peer_certificate, both when $mode='ssl' AND $mode='tls'. The second dump should include the PEM-encoded public key of the server as well as some info on the key. Actual result: -------------- When $mode is set to 'tls' the 'peer_certificate' index in the first dump is missing and no second dump is written. When $mode='ssl' everything works as expected. ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=47236&edit=1